Remove use of headers that can be used to bypass anti-brute force controls
This commit is contained in:
Rob
parent
da94b43e84
commit
b5afd44195
|
|
@ -107,13 +107,6 @@ class Security extends dbJSON
|
||||||
|
|
||||||
public function getUserIp()
|
public function getUserIp()
|
||||||
{
|
{
|
||||||
if (getenv('HTTP_X_FORWARDED_FOR')) {
|
return getenv('REMOTE_ADDR');
|
||||||
$ip = getenv('HTTP_X_FORWARDED_FOR');
|
|
||||||
} elseif (getenv('HTTP_CLIENT_IP')) {
|
|
||||||
$ip = getenv('HTTP_CLIENT_IP');
|
|
||||||
} else {
|
|
||||||
$ip = getenv('REMOTE_ADDR');
|
|
||||||
}
|
|
||||||
return $ip;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue